ABM, Meet Your New Boss, GDPR – Part One of Four

ABM, Meet Your New Boss, GDPR – Part One of Four

GDPR is set to hit on May 25th, which, depending on which source you read, is either the end of the marketing world, or a great way to increase conversion numbers on your email campaigns. Time will tell which is right, so, for now, this blog series is concerned with understanding and adjusting the tactics for account based marketing (ABM) as they relate to GDPR.

This is a 4-part blog series covering how we achieved GDPR readiness. Over the month of April each Friday we will release the following sections:
Part One: Segment and Sync Your Databases, Consent, List Vendors
Part Two: Inbound Leads, Managing Opt in /Opt out, Managing Leads from Field Marketing
Part Three: Outbound Marketing Tactics
Part Four: Advertising
Or, download the entire white paper here.

How GDPR Affects ABM Tactics

An ABM strategy usually employs a variety of digital marketing and direct marketing tactics, so it’s important to look at each one closely at how it might be affected by GDPR. Keep in mind that the rules around GDPR are still being finalized and interpreted, and this blog is written by marketers, for marketers: you should consult with your legal team and security officer for specific direction and guidance on how these rules may affect your organization.


Solve for GDPR

For our company’s GDPR readiness, Treasure Data’s own ABM initiative was put to task by our very own product – the Treasure Data enterprise customer data platform (CDP). Using our own solution for GDPR has been exciting for both sales, marketing and product teams. Being that we have less than 250 employees, we aren’t subject to GDPR yet so we didn’t HAVE to do this, but it was great seeing how our CDP works in the areas of database segmentation, opt in / opt out management, inbound leads, cold emailing and more.

Get Treasure Data blogs, news, use cases, and platform capabilities.

Thank you for subscribing to our blog!

Treasure Data’s ABM Approach

Our target buyers are in several thousand accounts in a typical “tiered” structure.

Tier 1: The smallest bucket of accounts. Assigned to Account Executives directly, who develop personalized account plans for each account and contact in the organization.

Tier 2: A medium bucket of accounts. Assigned to our SDR team directly, who use a combination of manual outreach and marketing automation to reach accounts and contacts at scale.

Tier 3: The largest bucket of accounts. Assigned to SDRs directly who mostly rely on marketing automation and scoring models to prioritize which accounts to personally reach out to.

Segmenting and Synchronizing Your Databases

This basic step is essential. You want to segment your customer and prospect databases to create separate audiences for accounts and contacts that are affected by GDPR, and those that are not. These databases could be for email automation, CRM or digital advertising – any system in which you store contact data.

At Treasure Data, we’ve created the following audience segments. Note that we’ve created a separate segment for UK contacts, which could save rework down the road if post-Brexit distinctions need to be made between EU and UK citizens:

  • EU companies and their contacts (including contacts who may not live in the EU, but are known to work for a company with EU headquarters)
  • UK companies and their contacts (including contacts who may not live in the UK, but are known to work for a company with UK headquarters)
  • Any contact identified as residing in the EU / UK, regardless of their company HQ location

This gives the Treasure Data team the flexibility to handle each population in accordance with the rules that apply.

Capturing and Managing Consent and Other Privacy Preferences

Another basic step is to add or update contact preferences and other opt-out preferences to be comprehensive and consistent across all customer databases. For example, if you use Salesforce, Marketo and Zendesk, you probably have fields similar to the following across all your systems:

  • Email opt out
  • Call opt out
  • Cookie opt out
  • Targeted ad opt out
  • Social media opt out
  • Direct mail opt out

You will have to keep track of every change to each of these consents over time, and operationalize these consents, taking them into account in your ABM activities. For example, you have to deal with the following scenarios:

  • Someone calls in to your sales or support department and requests to be removed from all forms of email. The sales / support agent makes that change in the system they regularly use, and that change would then be passed on to other systems.
  • A user opts out of email via a preference recorded in Marketo, but continues to receive emails from salespeople doing cold outreach out of Salesforce, or vice versa.

Your safest bet for GDPR is to have a consistent view of these preferences across all your systems. And managing that manually is a recipe for getting it wrong – and getting fined. Here are some ways to get there:

  • Your broader enterprise may maintain a central store of such user preferences with an external consent management or preference management system. If so, let that be your system of record. Systems all across your company, well outside the scope of marketing, probably have the potential to make changes to those preferences. Also, external consent management systems tend to have legally vetted web or mobile device apps to walk users through configuring their preferences, presenting terms of service, etc. Treasure Data can be integrated with external consent management platforms, as they all provide APIs for this purpose.
  • You can build your own system of record in tables in your data store, and build logic that synchronizes that data to and from your other systems. For example, you could store this in Treasure Data, and use workflows and integrations to implement the synchronization steps. You may rely on changes through other systems like call centers, email campaign managers, etc. to capture those, or you may add web and/or mobile access for configuring those preferences.

Either way, you’ll need to operationalize those privacy preferences across all your marketing activities. Managing those activities from a customer data platform (CDP) – like Treasure Data – is the surest way to stay compliant with GDPR. Once your CDP has your ABM target accounts’ preferences logged, you can market to each one only in the ways they’ve asked for.

Running Opt In Campaigns

With an opt in campaign, also known as “permission passing” campaign you reach out to your EU audience segments and ask them if they’d like to opt in for communications after the GDPR regulations go into effect. If GDPR has already taken effect, it’s best to launch this campaign as soon as possible.

At Treasure Data, our list includes all countries in the EU, including the UK. Here are the steps for our opt in / permission passing campaign:

  1. Unify all email databases
  2. Create an EU / UK segment in email / marketing automation software
  3. Exclude all contacts who have previously opted out
  4. Customize messaging by vertical (this is not related to GDPR, but improves open and response rates)
  5. Launch a sequence of three emails, ending with a “last chance to opt in” call to action

While many of these steps are common sense, pay special attention to step 3. Honda and Flybe were fined by the UK Information Commissioner’s Office (ICO) for emailing citizens who had previously opted out of email communication. To quote the ICO, “Businesses must understand they can’t break one law to get ready for another.” In other words, if someone has already opted out, don’t email them to ask if they want to opt in again.

Also, bear in mind that opt in must be explicit. For instance, if an opt in form has several checkbox options, you can’t have the opt in box checked by default. The individual must manually check it. You also need to present a legal statement that outlines how the person’s information will be used.

Working with GDPR-Compliant Vendors

First of all, GDPR is prohibitive of list buying in general, but we’ve seen new vendor list services popping up that claim to offer names who’ve opted in to be contacted by the vendor’s customers in accordance with GDPR.

For many marketers, the restrictions on lists may be one of the biggest changes. Basically, buying lead lists with EU contacts, or using a SaaS service to look up contacts carries serious risks for marketing teams. From our research, there are a couple workarounds here.

-Seek legal guarantees
Only work with vendors that legally guarantee their lists contain contacts who have opted in to marketing communications from other vendors. This seems like an obvious solution, but use caution: If you buy a list, send emails and find out a contact was not GDPR-compliant, you’re the one on the hook, not the vendor. Additionally, we are aware of complications whereby if a vendor extends their network, this would affect their terms of service and the vendor would have to reconfirm the contact’s opt in status, further complicating the issue.

Even if you are confident of the vendor’s ability to manage this process, and the vendor’s contract states they take liability, you could still wind up with two legal actions – enforcement by EU authorities for a GDPR violation, and your own lawsuit against the lead vendor for damages.

Luckily there still seems to be a way to work these lists via cold calling. Check out more on this tactic in the Cold Calling section below.

-Utilize an email delivery vendor

A second tactic is to provide your email copy, a list of target accounts and ideal titles to a vendor that sends emails on your behalf. Working in this way, your vendor would be classified as a ”data controller” and thereby take on the legal risk. This seems like the best way to solve the problem but it’s unclear at this time how popular this kind of model will become.

Of course, with this option, you’d be at the mercy of the email delivery vendor to correctly execute, track and report on the campaign. This could slow down the sales process, but that’s still better than getting hit with a fine or eliminating the ability to email market all together.

End of Part One

This is a 4-part blog series covering how we achieved GDPR readiness. Over the month of April each Friday, we will release the following sections:
Part One: Segment and Sync Your Databases, Consent, List Vendors
Part Two: Inbound Leads, Managing Opt in /Opt out, Managing Leads from Field Marketing
Part Three: Outbound Marketing Tactics
Part Four: Advertising

Download the entire white paper here.

Erik Archer Smith
Erik Archer Smith
Erik Archer Smith was a data-driven marketing and sales professional at Treasure Data with 10+ years experience helping companies scale during phases of hyper-growth. Erik got involved with tech early and built the first social media site in Japan using open source technology in the early 2000s. When not working, he enjoys spending time at the beach with his wife and dog, and obsessing over character-build stats in whatever RPG currently has him hooked.
Related Posts